Big data and the Internet of Things: Two sides of the same coin?

by Tamara Dull, SAS Best Practices

Let’s kick this post off with a quick quiz. Read each statement below and determine if it’s referring to big data or the Internet of Things:

Every minute, we send 204 million emails, generate 1.8 million Facebook likes, send 278 thousand tweets, and upload 200 thousand photos to Facebook. Is this statement about big data or the Internet of Things?

12 million RFID tags (used to capture data and track movement of objects in the physical world) were sold in 2011. By 2021, it’s estimated this number will increase to 209 billion as [big data or the Internet of Things?] takes off.

The boom of [big data or the Internet of Things?] will mean that the amount of devices that connect to the internet will rise from about 13 billion today to 50 billion by 2020.

The [big data or the Internet of Things?] industry was expected to grow from US$10.2 billion in 2013 to about US$54.3 billion by 2017.

The critical challenge is using this data when it is still in motion – and extracting valuable infor­mation from it.

Here’s the answers: 1 – big data; 2 – Internet of Things; 3 – Internet of Things; and 4 – big data. So how did you do? To be honest, if I didn’t have the answers in front of me, I’m not so sure I’d get all these right. I conducted this same quiz during a presentation at a CIO event to “warm up” the attendees. With the exception of question 3 (which they nailed), they were pretty much split on their answers.

Which brings me to the point of this post: What is the relationship between big data and the Internet of Things (IoT)? Are they related and/or are they two sides of the same coin? Let’s examine further.

About the Mauritius conference. In October 2014, representatives from the private sector and academia came together in Mauritius for the 36th International Conference of Data Protection and Privacy Commissioners. The purpose was to discuss both the positive and negative impact of big data and IoT in our daily lives, and the objective was to establish principles and recommendations on how to reduce the risks associated with collecting and using data in this big data-IoT era.

The observations and conclusions of the conference were captured in two documents: the Mauritius Resolution on Big Data and the Mauritius Declaration on the Internet of Things. Both documents acknowledge that IoT’s connected devices coupled with big data can make our lives easier, but there are still important concerns about individuals’ privacy and civil rights.

Mauritius Resolution on Big Data

Be transparent about what data is collected, how data is processed, for what purposes data will be used, and whether data will be distributed to third parties.

Define the purpose of collection at the time of collection and, at all times, limit use of the data to the defined purpose.

Obtain consent.

Collect and store only the amount of data necessary for the intended lawful purpose.

Allow individuals access to data maintained about them, information on the source of the data, key inputs into their profile, and any algorithms used to develop their profile.

Allow individuals to correct and control their information.

Conduct a privacy impact assessment.

Consider data anonymization.

Limit and carefully control access to personal data.

Conduct regular reviews to verify if results from profiling are “responsible, fair and ethical and compatible with and proportionate to the purpose for which the profiles are being used.”

Allow for manual assessments of any algorithmic profiling outcomes with “significant effects to individuals.”

Mauritius Declaration on the Internet of Things

Self-determination is an inalienable right for all human beings.

Data obtained from connected devices is “high in quantity, quality and sensitivity” and, as such, “should be regarded and treated as personal data.”

Those offering connected devices “should be clear about what data they collect, for what purposes and how long this data is retained.”

Privacy by design should become a key selling point of innovative technologies.

Data should be processed locally, on the connected device itself. Where it is not possible to process data locally, companies should ensure end-to-end encryption.

Data protection and privacy authorities should seek appropriate enforcement action when the law has been breached.

All actors in the internet of things ecosystem “should engage in a strong, active and constructive debate” on the implications of the Internet of Things and the choices to be made.

Why it matters. As you can see, these documents do not express any new sentiments around data protection and privacy, but the fact that these issues could be articulated and adopted by these international data protection regulators show how important these issues have become in this big data-IoT era. Unfortunately, these documents are not binding, but they do provide relevant indicators on the direction data privacy policies and trends are going.

Interestingly enough, the issues raised at the Mauritius conference were also reflected in the White House’s reports on big data privacy earlier that year (that I wrote about). Namely, they both raised serious concerns around discrimination against certain groups, personalization, and the de-identification and re-identification of individuals.

My proposal. There is clearly a relationship between big data and IoT. The Mauritius conference helps confirm that. In fact, I would propose that big data is a subset of the IoT discussion. Here’s my rationale:

Big data is about data, plain and simple. Yes, you can add all sorts of adjectives when talking about “big” data, but at the end of the day, it’s all data.

IoT is about data, devices, and connectivity. Data – big and small – is front and center in the IoT world of connected devices.

Too simple? Perhaps. But given how complex both big data and IoT can be, we need to start somewhere. I plan to expand more on this concept in the upcoming months.